[Samba] SOLVED(I hope): Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)
Marc Muehlfeld
mmuehlfeld at samba.org
Mon Jan 16 17:39:51 UTC 2017
Hello,
Am 16.01.2017 um 18:07 schrieb rawi via samba:
> I discovered, that the generated smb.conf was not enough for an AD-DC.
>
> Despite having:
>
> server role = active directory domain controller
>
> ... the default settings for:
>
> domain logons = no (?)
> domain master = auto (aka equally NO)
> local master = yes
>
> (not specifically mentioned in the generated smb.config)
>
> ... where enough for Windows7 and Windows8 (?), but not for Windows XP
>
> After setting
>
> domain master = YES
>
> ... I could join the WindowsXP and login.
>
> I also added then (to be sure ;) domain logons = YES.
>
> This seems now to work. I'll test tomorrow joins with another clients.
>
> What remains, is the question, why a "server role = active directory domain
> controller" doesn't enable "domain logons" by default?
I cannot confirm this. I never had these settings in smb.conf files on
my DCs and XP clients ran successfully.
Additionally, the "domain logons" parameter was for Win9x clients and
the default is "off" since a very long time, not just on AD DCs. See the
smb.conf man page:
> domain logons (G)
>
> If set to yes, the Samba server will provide the netlogon service for
> Windows 9X network logons for the workgroup it is in. This will also
> cause the Samba server to act as a domain controller for NT4 style
> domain services. For more details on setting up this feature see the
> Domain Control chapter of the Samba HOWTO Collection.
>
> Default: domain logons = no
I'm a bit afraid what happens if you enable this on a Samba DC.
Let us know what it breaks. ;-)
Regards,
Marc
More information about the samba
mailing list